Commit Graph

3964 Commits

Author SHA1 Message Date
matt335672
e6c098e750 Remove s_check() macro 2022-02-09 10:18:15 +00:00
matt335672
a13742f097
Merge pull request #2140 from matt335672/cpprelease_27
Move to cppcheck 2.7 and bump default threads to 2
2022-02-08 09:27:43 +00:00
matt335672
baf62457a3 Move to cppcheck 2.7 and bump default threads to 2 2022-02-07 09:31:34 +00:00
metalefty
2651682be9
Merge pull request #2138 from metalefty/typo
Fix typo in past CVE number
2022-02-07 16:51:14 +09:00
Koichiro IWAO
79bc7c040e
Fix typo in past CVE number 2022-02-07 15:54:56 +09:00
metalefty
4def30ab8e
Merge pull request from GHSA-8h98-h426-xf32
Add lower bound to sesman data input size check
2022-02-07 15:18:15 +09:00
matt335672
eb4a8e342d Add lower bound to sesman data input size check 2022-02-02 10:39:50 +00:00
matt335672
934a91fc29
Merge pull request #2130 from matt335672/ssl3_fixes
OpenSSL3 fixes (#2130)
2022-01-31 09:39:20 +00:00
matt335672
7b1316fd1b
Merge pull request #2124 from matt335672/fedora_check
Fix problems with check 0.15.2 (F36)
2022-01-31 09:34:52 +00:00
matt335672
4699dced14 Implement base64 without openssl 2022-01-28 12:23:40 +00:00
matt335672
8b8cfbe119 Improve wrapping of openssl module 2022-01-28 12:23:40 +00:00
matt335672
e79bc7f181 Fix banner comments in test results 2022-01-28 12:23:40 +00:00
matt335672
c894ba5b40 Better logging of classic connection security 2022-01-28 12:23:40 +00:00
matt335672
6cebade78e OpenSSL 3.x compatibility 2022-01-20 16:45:25 +00:00
matt335672
fde161bac3 Add unit tests for SSL calls 2022-01-20 16:44:49 +00:00
matt335672
d02059d967 Add missing ssl_sha1_clear()/ssl_md5_clear() calls 2022-01-20 16:43:00 +00:00
matt335672
d853228c19 const fixes for SSL calls 2022-01-19 11:11:37 +00:00
matt335672
3146e624c4 Fix problems with check 0.15.2 (F36) 2022-01-19 11:08:13 +00:00
matt335672
e528a1f452
Merge pull request #2123 from matt335672/update_ver
README : Make latest version dynamic
2022-01-18 14:29:10 +00:00
matt335672
bf4c5f2631 README : Make latest version dynamic 2022-01-17 10:54:54 +00:00
matt335672
db982ec1dd
Merge pull request #2119 from matt335672/readme_typo
Fix typo in README.md
2022-01-14 12:47:35 +00:00
matt335672
307bfc1f4a Fix typo in README.md 2022-01-14 12:40:22 +00:00
matt335672
dfd64e2147
Merge pull request #2082 from kenhys/extend-inbound-outbound-restriction
Extend inbound/outbound clipboard restriction
2022-01-14 11:17:49 +00:00
matt335672
cffce1f856 Only advertise X11 clip formats we can supply 2022-01-14 11:11:03 +00:00
Kentaro Hayashi
8487c298ba Update sesman.ini.5 explanation about RestrictOutboundClipboard,RestrictOutboundClipboard
RestrictOutboundClipboard,RestrictOutboundClipboard are extended to
accept text,file,image configuration value.
2022-01-14 10:17:02 +09:00
Kentaro Hayashi
47bc56f5a4 Add sesman.ini new text/file/image restriction settings
RestrictInboundClipboard is added.

Then, RestrictOutboundClipboard/RestrictInboundClipboard configuration
is extended to accept comma separated list.

  * RestrictOutboundClipboard=none
  * RestrictOutboundClipboard=text
  * RestrictOutboundClipboard=file
  * RestrictOutboundClipboard=image
  * RestrictOutboundClipboard=all
  * RestrictOutboundClipboard=text, image, file

For compatibility, the following configuration is also
accepted (alias)

  * RestrictOutboundClipboard=true
  * RestrictOutboundClipboard=false
  * RestrictOutboundClipboard=yes
2022-01-14 10:17:02 +09:00
Kentaro Hayashi
1d6d80d14f Block inbound clipboard text/image/file respectively
Disable clipboard_event_selection_request call is overkill for
blocking text/image/file purpose.
For example, it breaks existing behavior (slow response from gedit,
gimp as a side effects)

Instead, in clipboard_event_selection_request, these media format will
be blocked respectively which depends on the following configurations
in sesman.ini [Security] section.

  * RestrictInboundClipboard=text
  * RestrictInboundClipboard=file
  * RestrictInboundClipboard=image

You can also set comma separated list.

  * RestrictInboundClipboard=text,file,image
2022-01-14 10:17:02 +09:00
Kentaro Hayashi
fb1c4ec945 Block outbound clipboard text/image/file respectively
RestrictOutboundClipboard kills all of test/file/image
transfer via clipboard.

For controlling each content type behavior,
clipboard_xevent is not appropriate place to block respectively.

Instead, in clipboard_event_selection_notify, these media type
will be blocked which depends on the following configurations in
sesman.ini [Security] section.

  * RestrictOutboundClipboard=text
  * RestrictOutboundClipboard=file
  * RestrictOutboundClipboard=image

You can also set comma separated list

  * RestrictOutboundClipboard=text, file, image
2022-01-14 10:17:02 +09:00
Kentaro Hayashi
bd82084505 Extend In/Outbound text,file,image restriction respectively
It supports the extended configurations for sesman.ini:

Before:

  [Security]
  RestrictOutboundClipboard=true or false

After:

  [Security]
  RestrictInboundClipboard=[true or false | text or file or image | comma separated list]
  RestrictOutboundClipboard=[true or false | text or file or image | comma separated list]

Above configuration is disabled by default (false)
And it can be specified comma separated list like this:.

  RestrictInboundClipboard=file, image
  RestrictOutboundClipboard=text, file, image

Note that if RestrictOutboundClipboard=true,file is set,
file is ignored and it is treated as RestrictOutboundClipboard=true

It is same for RestrictInboundClipboard.
2022-01-14 10:17:02 +09:00
Kentaro Hayashi
69ea406440 Add g_str_to_bitmask utility function
It should be used for comma separated configuration to bitmask.

e.g. RestrictOutboundClipboard = text, file, image
2022-01-14 10:17:02 +09:00
matt335672
d27e5472dd
Merge pull request #2118 from matt335672/rhel7_imlib2
Support imlib2 on RHEL 7
2022-01-13 10:23:14 +00:00
matt335672
3de1e966b4 Support imlib2 on RHEL 7 2022-01-12 11:41:26 +00:00
metalefty
d76732b342
Merge pull request #2109 from metalefty/release
Release v0.9.18
2022-01-11 09:19:22 +09:00
Koichiro IWAO
1ce2215aac Bump version to v0.9.18 2022-01-11 09:00:27 +09:00
Koichiro IWAO
137b76d329 Update NEWS for v0.9.18 2022-01-11 09:00:27 +09:00
matt335672
453ae8c700
Merge pull request #2110 from matt335672/rfxcodec_016
Bump librfxcodec version to v0.1.6
2022-01-07 12:14:44 +00:00
matt335672
f826e55eda Bump librfxcodec version to v0.1.6 2022-01-07 11:57:11 +00:00
matt335672
96a92d4e32
Merge pull request #2106 from matt335672/update_librfxcodec
Merge in librfxcodec #49
2022-01-05 11:27:51 +00:00
matt335672
7be27ef8b0 Merge in librfxcodec #49 2022-01-05 11:12:48 +00:00
matt335672
ab0e141fa9
Merge pull request #2011 from matt335672/unify_scpv0_code
Unify scpv0 code #2011
2022-01-05 11:06:42 +00:00
matt335672
15b8578b54
Merge pull request #1932 from Nexarian/add_monitor_processing_unit_tests
Add monitor processing unit tests for existing xrdp_sec function
2022-01-05 10:23:55 +00:00
matt335672
ec44055139
Merge pull request #2087 from matt335672/issue2064
RFX : Support large screens
2022-01-05 10:22:46 +00:00
matt335672
63c4d1f793
Merge pull request #2098 from matt335672/remove_func_declaration
Remove unused declaration for xrdp_wm_drdynvc_up
2022-01-05 09:25:05 +00:00
matt335672
e80a8bbe3f
Merge pull request #2105 from matt335672/gcc11_warning
Fix gcc11.1 uninitialised var warning
2022-01-05 09:23:24 +00:00
matt335672
67bf23feee Fix gcc11.1 uninitialised var warning 2022-01-04 10:09:33 +00:00
matt335672
f07412839a Remove unused declaration for xrdp_wm_drdynvc_up 2021-12-27 13:02:41 +00:00
metalefty
a8375d68b5
Merge pull request #2088 from kenhys/use-log
Use LOG instead of LOG_DEVEL
2021-12-23 14:22:18 +09:00
Kentaro Hayashi
53027ad5af Use LOG instead of LOG_DEVEL
According to https://github.com/neutrinolabs/xrdp/wiki/Logging,
it may be better to emit this log message because this log is
useful for system administrator to know whether RestrictOutboundClipboard
configuration works or not

And raise log level to info because it is informative for system
administrator.
2021-12-23 12:58:35 +09:00
matt335672
0d1cdb8d48 RFX: librfxcodec changes for message splitting 2021-12-22 11:10:25 +00:00
matt335672
c9f1346fcc Fix over-allocation in rfx encoder setup 2021-12-22 11:09:16 +00:00